Vehicles of all types are becoming increasingly complex, as they are fitted with network connections, automated operation components (e.g., “auto-pilot” or “self-driving” features), connected safety and security features, and the like. As vehicles become increasingly complex and connected, a range of security issues have become more prevalent, and the mechanisms to detect and remedy the security issues need to advance accordingly. These security issues include both physical security and cyber security issues from actors both inside and outside the vehicle operating organization.
In the field of aircraft vehicles, in particular, several aircraft incidents have occurred in which personnel on board the aircraft, including crew members, have deliberately flown the aircraft off course or the aircraft has deviated from a planned flight path. A first example is the Germanwings Flight 9525 incident. The Germanwings Flight 9525 incident involved a co-pilot locking other vehicle operators outside the cockpit and initiating a controlled descent until the aircraft impacted a mountainside of the French Alps. A second example is the Malaysia Airlines Flight 370 incident. The Malaysia Airlines Flight 370 incident involved a missing aircraft that was out of radar detection from Air Traffic Control (ATC) and military radar over open ocean, while deviating westwards from the aircraft's planned flight path and transmitting Inmarsat satellite messages.
Also, flight crews may be flying off course due to unintentional changes and/or intentional malicious changes of an aircraft database (or databases), for example the Flight Management System (FMS) and/or a terrain database in a synthetic vision system. These changes may occur via cyber-attack mechanisms that may not be easily detectable by an unsuspecting flight crew. This can become especially challenging if the flight crew is flying in automatic fully-coupled flight control modes of operation on approach or departure, and could be compounded in poor weather conditions. Furthermore, a concern in providing aircraft data security involves ensuring that any databases, for example the FMS navigation database and/or terrain and obstacle databases for synthetic vision display, are not maliciously tampered with. Cyber security issues may result in aircraft sensors being corrupted such that misleading aircraft guidance or other data is provided to the aircrew or autopilot.
With or without aircraft datalink connectivity, it may be possible for a malicious actor with physical access to the aircraft to deliberately corrupt a database of the aircraft in a subtle, but malicious manner. Data may be deliberately corrupted in a manner where a checking mechanism is also defeated. For example, Cyclic Redundancy Checks (CRC) for a corrupted data value could be calculated and used to replace the CRC of the original data along with replacing the original data. These mechanisms might also not be effective after the data has been decoded in the system and the CRCs or other protective layers have been removed from the data, such as when an authorized or unauthorized entity has physical access or local network access to the various databases. Existing efforts to address physical security and cyber security in aircraft have focused on adding security protections to the cockpit (e.g., cockpit door locks) and adding security protections to the primary avionics to preclude outside actors from gaining access. These techniques typically rely on trusted actors within the aircraft operating organization to operate the vehicle and perform maintenance and maintain security of access mechanisms, such as passwords. Thus, these techniques are susceptible to the potential for undiscovered cyber security threats and for even trusted actors to act in a malicious manner. Specifically, a trusted actor could purposefully deviate from a planned flight path. Further, a trusted actor could alter on-board systems so that one or more sub-systems indicate data to the flight crew that could cause the flight crew to deviate from a planned flight path, to deviate from standard and safe routes or approaches, to descend at an incorrect destination, to request a destination change, and to plan a flight path through restricted air space.
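The CRC limitation described above, shown as an added example that is not part of the original disclosure: a CRC detects accidental corruption, but a changed record whose CRC is recalculated with it still verifies. The record layout, the demo key, and the keyed HMAC shown for contrast are assumptions introduced for illustration; the disclosure does not name a MAC.

```python
import hashlib
import hmac
import struct
import zlib

# Constructed sample: a waypoint record (identifier, latitude, longitude).
# The layout is hypothetical and not taken from any real navigation database.
def pack_record(ident: str, lat: float, lon: float) -> bytes:
    return struct.pack(">5sdd", ident.encode("ascii"), lat, lon)

def crc_protect(payload: bytes) -> bytes:
    """Append a CRC-32; anyone holding the payload can compute this value."""
    return payload + struct.pack(">I", zlib.crc32(payload))

def crc_verify(blob: bytes) -> bool:
    payload, stored = blob[:-4], struct.unpack(">I", blob[-4:])[0]
    return zlib.crc32(payload) == stored

def mac_protect(payload: bytes, key: bytes) -> bytes:
    """Append an HMAC-SHA256 tag; computing it requires the secret key."""
    return payload + hmac.new(key, payload, hashlib.sha256).digest()

def mac_verify(blob: bytes, key: bytes) -> bool:
    payload, tag = blob[:-32], blob[-32:]
    expected = hmac.new(key, payload, hashlib.sha256).digest()
    return hmac.compare_digest(expected, tag)

def compare_checks() -> dict:
    key = b"constructed-demo-key"  # placeholder; a real key is stored apart from the data
    original = pack_record("WPT01", 45.0, 6.0)
    altered = pack_record("WPT01", 45.0, 6.5)  # changed by a party without the key
    old_tag = mac_protect(original, key)[-32:]
    return {
        "crc_original": crc_verify(crc_protect(original)),
        # Altered record whose CRC was recalculated alongside the data.
        "crc_altered_recomputed": crc_verify(crc_protect(altered)),
        "mac_original": mac_verify(mac_protect(original, key), key),
        # Without the key, the only tag available is the original one.
        "mac_altered_old_tag": mac_verify(altered + old_tag, key),
    }

if __name__ == "__main__":
    for name, accepted in compare_checks().items():
        print(f"{name}: {'accepted' if accepted else 'rejected'}")
```

A keyed check that runs only when the database is loaded shares the limitation the paragraph notes: once the data has been decoded and the protective layer removed, later changes are not covered by it.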
The present disclosure is directed to systems and methods for addressing these goals and interests. Thus, techniques discussed herein disclose systems and methods for detecting security threats in vehicle systems and operations.